On Thu, Oct 7, 2021 at 10:31 AM Simon Chopin <simon.cho...@canonical.com> wrote: > > Hi all, > > As some of you might have surmised, we're planning to move to OpenSSL > 3.0 [0] for 22.04. This new major release brings of course some new > things, but also breaks API and ABI.
If/when we get to 3.0, please do let upstream systemd know, as Ubuntu is the last blocker holding up the transition from gcrypt over to openssl in systemd. https://github.com/systemd/systemd/pull/14743#issuecomment-748078464 > > We intend to update the openssl package to 3.0.0 as soon as possible in > the 22.04 cycle, provided that all the build-rdepends of libssl-dev in > main are ready for the transition. You'll find at [1] the latest test > rebuild, where you'll find that around 35 rdeps from main, and ~180 > packages from universe fail to build. This test build has been done in > the PPA schopin/openssl-3.0.0 [2], which you can use to test your > packages against. > > If you'd like to help out (please do ;-)), I've started filing bugs > against the various packages that fail, using the tag > 'transition-openssl3-jj' [3] to track it all. Please use this tag when > working on this issue. You'll find resources to migrate codebases from > 1.1 in the OpenSSL man pages[4]. > > As stated, the transition should only take place if main is ready for > it. As far as universe is concerned, in an ideal world all the 180 > packages above would be fixed in time for the release. However, if not > so, we'll either remove the package from the release or, if *really* > necessary, would introduce a compatibility openssl-1.1 package. The > latter option is of course highly undesirable. > > When we'll upload the new version of openssl to the archive, existing > packages should still be installable as the binaries for libssl1.1 will > be kept around as long as they're depended on. However, the autopkgtests > of packages lagging in the transition, or even of their rdeps, might > start to fail if they build the tests during the autopkgtests. If that's > the case, you might want to get the package rebuilt against OpenSSL3 and > rerun the tests with all-proposed=1. > > Cheers, > Simon Chopin > > [0]: https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/ > [1]: https://people.canonical.com/~schopin/rebuilds/openssl-3.0.0-impish.html > [2]: https://launchpad.net/~schopin/+archive/ubuntu/openssl-3.0.0 > [3]: https://bugs.launchpad.net/ubuntu/+bugs?field.tag=transition-openssl3-jj > [4]: https://www.openssl.org/docs/manmaster/man7/migration_guide.html > > -- > ubuntu-devel mailing list > ubuntu-devel@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel